public inbox for kernel-janitors@vger.kernel.org
* [patch -next] bpf: null dereference allocating large arrays
@ 2014-11-22 18:30 Dan Carpenter
  2014-11-22 18:45 ` Alexei Starovoitov
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2014-11-22 18:30 UTC
  To: Alexei Starovoitov; +Cc: netdev, kernel-janitors

There is a typo here, "array" is null so we can't dereference it and
also the size calculation should match the kzalloc() on the lines
before.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
index 58b80c1..662a412 100644
--- a/kernel/bpf/arraymap.c
+++ b/kernel/bpf/arraymap.c
@@ -38,7 +38,7 @@ static struct bpf_map *array_map_alloc(union bpf_attr *attr)
 	array = kzalloc(sizeof(*array) + attr->max_entries * elem_size,
 			GFP_USER | __GFP_NOWARN);
 	if (!array) {
-		array = vzalloc(array->map.max_entries * array->elem_size);
+		array = vzalloc(sizeof(*array) + attr->max_entries * elem_size);
 		if (!array)
 			return ERR_PTR(-ENOMEM);
 	}
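
Review bot: The size expression sizeof(*array) + attr->max_entries * elem_size now appears twice, once in the kzalloc() call and once in the vzalloc() fallback, and keeping two copies in sync by hand is what let the original mismatch in. Consider computing it once into a local before the kzalloc() (array_size is a suggested name, not one from this file) and passing that to both allocators, so the fallback cannot drift from the primary path again. The hunk also does not show whether attr->max_entries * elem_size is checked for overflow before these calls; if that check is not already earlier in array_map_alloc(), it belongs ahead of the first allocation.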
